Last Week in Tech Policy: #45 Inspection of Electronic Devices and Passwords

(By Gabrielle Daley, Colorado Law 2L)

NASA scientist and U.S citizen Sidd Bikkannavar flew back into the United States on January 30th, 2017 and was detained by U.S customs and border patrol agents.  Mr. Bikkannavar was detained upon his arrival at the Houston airport by agents who stated the reason for the detention was to ensure that he was not bringing anything dangerous into the country. However the agents never searched Mr. Bikkannavar’s luggage. Instead he was handed a document entitled “Inspection of Electronic Devices” and asked for his cell phone and cell phone password.

Mr. Bikkannavar was reluctant to hand over the phone because as it belonged to his employer, the NASA Jet Propulsion Laboratories. However, agents insisted on access to the phone and password, and eventually Mr. Bikkannavar gave an agent both. The agent then left the room with the device. Mr. Bikkannavar has no idea what the agent did with the phone outside of his presence, but in a Tweet last week confirmed that JPL is running digital forensics on the phone to try and determine what may have been taken—or left—on the phone.

Continue reading “Last Week in Tech Policy: #45 Inspection of Electronic Devices and Passwords”

Last Week in Tech Law & Policy, Vol. 36: Another Yahoo! Data Breach? Personal Consumer Information and the U.S. Government’s Intelligence Collection Practices

(by Zachary Goldberg, Colorado Law 2L)

Apparently Yahoo waited two full months to disclose to its customers the largest consumer data breach in history, which Yahoo officials claim went undetected for two full years

On September 22, 2016, Yahoo officials announced that 500 million of its customers’ email accounts were hacked in 2014. The Yahoo security team believes that “state-sponsored hackers” somehow managed to penetrate Yahoo’s system to target its email users’ identifying information, passwords, and security question responses. At this stage in their investigation, Yahoo officials have not indicated precisely when they discovered the breach, and they know neither specific details as to who orchestrated it, nor how they gained access to Yahoo’s email system.

Continue reading “Last Week in Tech Law & Policy, Vol. 36: Another Yahoo! Data Breach? Personal Consumer Information and the U.S. Government’s Intelligence Collection Practices”

Last Week in Tech Law & Policy, Vol. 35: Microtargeting and the Use of Voter Data to Win Elections

(By Sean Doran, Colorado Law 3L)

Both major political parties in the United States currently gather and aggregate massive amounts of data on American voters. Over the last several election cycles, with the advent of advanced data analytics and advances in data storage and processing, campaigns have gained the ability to learn and track a surprising amount of data about voters. This creates a level of precision that allows campaigns to build advanced models for identifying and targeting individual voters to receive (or not receive) individual messages (microtargeting).  Parties are building “political dossiers” on American voters which are some of the largest, unregulated aggregations of personal data that currently exist.

Continue reading “Last Week in Tech Law & Policy, Vol. 35: Microtargeting and the Use of Voter Data to Win Elections”

Last Week in Tech Law & Policy, Vol. 31: Sponsored and Compelled Hacking, Government Edition

(by Colter Donahue, Colorado Law 3L)

Should government agencies possess, compel, or sponsor hacking and backdoors? A backdoor is a method of bypassing the normal authentication system of a website, messaging service, or other means of electronic communications.

Privacy and encryption advocates point out that the tools created or vulnerabilities exploited by backdoors pose a privacy risk. The vulnerabilities are not not limited to exploit by U.S. agencies like the FBI and NSA; bad actors and other nations can use them too. Hacking tools don’t always stay secret; once exposed, potential damage may be measured on a global scale. But what happens when law enforcement needs access for investigatory purposes? The following post will look at a recent example and the balance of competing interests.

Continue reading “Last Week in Tech Law & Policy, Vol. 31: Sponsored and Compelled Hacking, Government Edition”

Last Week in Tech Law & Policy, Vol. 29: The Dangers of “Innocuous” Data

(by Parker Ragland, Colorado Law 2L)

People often hold one of two views on privacy—either it is important to them, or they state, “I have nothing to hide.” While the latter response legitimately expresses fear that privacy laws may be used by wrongdoers to shield themselves from justice, it also reveals a common misconception about privacy: only mistakes in your past can harm your future. Problems associated with data science, and specifically the data-broker industry, are at the core of this misconception.

Continue reading “Last Week in Tech Law & Policy, Vol. 29: The Dangers of “Innocuous” Data”

Last Week in Tech Law and Policy, Vol. 25: The CISA/CISPA See-Saw of Cybersecurity

The government intelligence community has long vocally advocated for so-called “backdoors” in encrypted digital communications systems. Proponents of these special modes of entry and intercept into otherwise protected databases and communications believe they are a necessary part of national security in the modern age. However, attempts to statutorily codify these ideas have met significant opposition.

Not to be deterred, the government is currently seeking alternate ways to gather information about suspected criminals and terrorists. Two weeks ago, the Senate passed the Cybersecurity Intelligence Sharing Act (CISA). This bill seeks primarily to permit information technology companies to “voluntarily” share information about security threats with the Department of Homeland Security. Companies would be given immunity both from liability and from FOIA requests regarding this information sharing. A proposed amendment that would have required the scrubbing of personally identifiable information in this information sharing failed to pass.

Continue reading “Last Week in Tech Law and Policy, Vol. 25: The CISA/CISPA See-Saw of Cybersecurity”

Last Week in Tech Law and Policy, Vol. 21: Peeple – the “Yelp for people” App

(by Jim Murray, Colorado Law 2L)

“Yelp for People” is Here

This week saw the unveiling of a new app called Peeple, set to launch in November. The app bills itself as “Yelp for people.” The app provides a place for people to view and create reviews of other people. Those reviews can be submitted by anyone who knows the target’s phone number, including ex-girlfriends, former co-workers, and anyone else who may happen to come across that number.

Continue reading “Last Week in Tech Law and Policy, Vol. 21: Peeple – the “Yelp for people” App”

Last Week in Tech Law and Policy, Vol. 17: Do We Want to be Lab Rats?

(by Calli Schroeder, Colorado Law 3L)

Large companies experiment on their users all the time in large and small ways through “product testing.” Changing the format of a homepage or the layout of an app to see if it facilitates easier use or better engagement could constitute an “experiment.”  However, what happens when the experiment is only tangentially related to the product?  And how does this affect our understanding of privacy and informed consent?

Continue reading “Last Week in Tech Law and Policy, Vol. 17: Do We Want to be Lab Rats?”

Last Week in Tech Law and Policy, Vol. 16: The Art of Deception: a Gift or a Curse?

(by Annie Tooley, Colorado Law 2L)

Following on last week’s post, another dark cloud continues to loom over the Internet: malware. Malware is somewhat two-faced.  On one side, hackers use malware to gain access to personal information.  On the other side, the government uses malware to track down criminals and terrorists.  But what happens when the line separating the two starts to blur?  This post will explore the “good” and “bad” sides of deceptive delivery of malware.

Continue reading “Last Week in Tech Law and Policy, Vol. 16: The Art of Deception: a Gift or a Curse?”

Last Week in Tech Law and Policy, Vol. 15: The Internet’s Lousy Summer Vacation

We’re back for Season 2 of our ongoing weekly recap of current tech policy news. As always, the TLPC Director (that’s me—Blake Reid) takes on the first blog post of the semester before the TLPC’s student attorneys take over for the duration. As summer comes to a close in Boulder, this post explores some of the dark clouds have circled over the Internet in recent weeks.

Continue reading “Last Week in Tech Law and Policy, Vol. 15: The Internet’s Lousy Summer Vacation”